From dc06d68bdc4c2562b5cc530f21e668a17d78ee2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Go=C5=82=C4=99biowski-Owczarek?=
Date: Wed, 29 Apr 2020 16:39:04 +0200
Subject: [PATCH] Tests: Add tests for recently fixed manipulation XSS issues

Closes gh-4685
Ref gh-4642
Ref gh-4647
---
 test/unit/manipulation.js | 49 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
index 5ac76b68dc..45946c3557 100644
--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2912,3 +2912,52 @@ testIframe(
 // See https://web.archive.org/web/20171203124125/https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13246371/
 QUnit[ /\bedge\//i.test( navigator.userAgent ) ? "skip" : "test" ]
 );
+
+QUnit.test( "Sanitized HTML doesn't get unsanitized", function( assert ) {
+
+ var container,
+ counter = 0,
+ assertCount = 13,
+ done = assert.async( assertCount );
+
+ assert.expect( assertCount );
+
+ Globals.register( "xss" );
+ window.xss = sinon.spy();
+
+ container = jQuery( "
" ); + container.appendTo( "#qunit-fixture" ); + + function test( htmlString ) { + var currCounter = counter, + div = jQuery( "
" ); + + counter++; + + div.appendTo( container ); + div.html( htmlString ); + + setTimeout( function() { + assert.ok( window.xss.withArgs( currCounter ).notCalled, + "Insecure code wasn't executed, input: " + htmlString ); + done(); + }, 1000 ); + } + + // Note: below test cases need to invoke the xss function with consecutive + // decimal parameters for the assertion messages to be correct. + // Thanks to Masato Kinugawa from Cure53 for providing the following test cases. + test( "\"<x\"\">" ); + test( "\"\n<x\"\n\">" ); + test( "" ); +} );